Advanced Malware Analysis

$4200 (ends May 31)

Late: $4400 (ends July 24)

Onsite: $4600 (ends July 30)

Overview

Malware authors sometimes take deliberate steps to thwart the reverse engineering of their malware. Students will learn to combat sophisticated malware head-on by studying common obfuscation techniques and will then be challenged to defeat several difficult hands-on labs. They will learn how to combat packing, anti-disassembly, anti-debugging and anti-virtual machine techniques. Because not all malware samples are written in plain C, students will also learn how to identify and analyze samples written in other programming languages. A practiced and robust skill set in Windows APIs and the Intel x86 architecture is required. Students will receive a FREE copy of the book "Practical Malware Analysis", written by Mike Sikorski.

What You Will Learn

Hands-on malware dissection

The art of malware analysis; not just running tools

Learn strategies for unpacking malware

How to analyze special cases such as Delphi, C++, and shellcode

How to script IDA Pro to help automate analysis

How to defeat anti-reverse engineering techniques such as anti-debugging, anti-disassembly and anti-VM

What to Bring

Students must bring their own laptop with VMware Workstation, Server or Fusion installed (VMware Player is acceptable, but not recommended). Laptops should have at least 20 GB of free space.

A licensed copy of IDA Pro is highly recommended to participate in ALL labs, but the free version can be used in most cases.

Students who cannot meet the laptop requirements because of onsite registration or other reasons may contact MANDIANT at education@mandiant.com to see if a laptop can be provided.

What You Will Get

Student Manual

Class handouts

MANDIANT gear

Prerequisites

Excellent knowledge of Windows operating system and API

Strong knowledge of the x86 architecture is required

Computer programming experience

Some training or experience in malware analysis

Experience using IDA Pro

Trainers

Michael Sikorski is a Technical Director at Mandiant and co-author of the book "Practical Malware Analysis". His previous employers include the National Security Agency and MIT Lincoln Laboratory. Mike frequently teaches Malware Analysis to a variety of audiences including the FBI and Black Hat.

Jerrold "Jay" Smith is a Principal Consultant at Mandiant, where for the past four years he has focused on malware analysis and supported the company's Federal Services work. Jay is also a contributing author to the book "Practical Malware Analysis" and has frequently taught malware analysis. Prior to joining Mandiant, he worked at the National Security Agency.